Managing Hyper-V
-
@Tim_G My annoyance with Proxmox is the need to change the repo from enterprise to the no subscription repo.
I don't really have an issue with them using Debian because majority of time is spent on the
webui.I do wonder why they don't use Fedora unless they are more familiar with Debian.
-
@JaredBusch in the case of the domain being down can you still log in locally?
-
@bigbear ad credentials cached afaik
-
@bigbear said in Managing Hyper-V:
@JaredBusch in the case of the domain being down can you still log in locally?
Same as any Windows server. There's domain logon and local user logon. Also, as matteo said, cached credentials.
Not to mention "other" ways if you have physical access to the server, or remote with iDrac/ilo.
-
@Tim_G said in Managing Hyper-V:
@bigbear said in Managing Hyper-V:
@JaredBusch in the case of the domain being down can you still log in locally?
Same as any Windows server. There's domain logon and local user logon. Also, as matteo said, cached credentials.
Not to mention "other" ways if you have physical access to the server, or remote with iDrac/ilo.
Ransomware. I've seen cryto attack that encrypted all the VMs
-
@John-Nicholson said in Managing Hyper-V:
@Tim_G said in Managing Hyper-V:
@bigbear said in Managing Hyper-V:
@JaredBusch in the case of the domain being down can you still log in locally?
Same as any Windows server. There's domain logon and local user logon. Also, as matteo said, cached credentials.
Not to mention "other" ways if you have physical access to the server, or remote with iDrac/ilo.
Ransomware. I've seen cryto attack that encrypted all the VMs
I'm not sure how much more likely this is in a domain joined situation that non domained joined. If a computer that's used by an admin of VMs gets infected, it can possibly be used as an attack vector to the rest.
Hopefully you don't have anything open you don't need, like fileshares.
If you're talking about vulnerabilities in SMB, then domain joined or not didn't matter to those.
-
@John-Nicholson said in Managing Hyper-V:
@Tim_G said in Managing Hyper-V:
@bigbear said in Managing Hyper-V:
@JaredBusch in the case of the domain being down can you still log in locally?
Same as any Windows server. There's domain logon and local user logon. Also, as matteo said, cached credentials.
Not to mention "other" ways if you have physical access to the server, or remote with iDrac/ilo.
Ransomware. I've seen cryto attack that encrypted all the VMs
That's not an issue of being on a domain. That's an issue caused by bad IT administration.
I have hypervisors on the domain and they haven't been encrypted.
Other companies had ransomware with hypervisors on the domain, and the VMs themself haven't been encrypted... maybe files inside the VM, but that part is hypervisor agnostic.
-
@Tim_G While you're investigating have you taken a look at xCat? Seems like it may be something that can manage KVM.
-
@coliver said in Managing Hyper-V:
@Tim_G While you're investigating have you taken a look at xCat? Seems like it may be something that can manage KVM.
Seems like no console access but might be convenient for provisioning VM's and maintenance
-
Has anyone tested this?
http://hv-manager.org/#home -
@dbeato said in Managing Hyper-V:
Has anyone tested this?
http://hv-manager.org/#homeNo, is it free? Any idea how active it is? Maybe make a thread for testing it?
-
@scottalanmiller YEah, it is free. I will start the testing.
-
@dbeato said in Managing Hyper-V:
@scottalanmiller YEah, it is free. I will start the testing.
Cool, make a thread for it. And lots of screen shots
-
@dbeato said in Managing Hyper-V:
@scottalanmiller YEah, it is free. I will start the testing.
In my crude testing it appears that one can start, stop, pause, reset a VM.
One cannot modify its settings, access the console, nor create/destroy.It does provide some basic guest details such as cpu, memory, network configuration, replication status, etc.
It is a little slower than I'd like.
-
@manxam said in Managing Hyper-V:
@dbeato said in Managing Hyper-V:
@scottalanmiller YEah, it is free. I will start the testing.
In my crude testing it appears that one can start, stop, pause, reset a VM.
One cannot modify its settings, access the console, nor create/destroy.It does provide some basic guest details such as cpu, memory, network configuration, replication status, etc.
It is a little slower than I'd like.
Limited, but not completely useless.
-
@scottalanmiller Another thing that can be done is PowerShell Web Access
https://technet.microsoft.com/en-us/library/hh831611(v=ws.11).aspx
Found about that today -
Late to the party....but just my two cents...haven't found a situation in which I'd want to join my hosts to a domain. The only consideration I could see here is if you're configuring failover clustering, but I'm fairly certain that applies to pre-2016. Generally when we're talking about Hyper-V Hosts and management pc's I have a dedicated workstation/laptop that's off domain and then create a mirrored Administrator account on the Hyper-V Hosts that's also off domain.
-
@r3dpand4 said in Managing Hyper-V:
Late to the party....but just my two cents...haven't found a situation in which I'd want to join my hosts to a domain. The only consideration I could see here is if you're configuring failover clustering, but I'm fairly certain that applies to pre-2016. Generally when we're talking about Hyper-V Hosts and management pc's I have a dedicated workstation/laptop that's off domain and then create a mirrored Administrator account on the Hyper-V Hosts that's also off domain.
Why go through all this work if you have a domain already? Just join it and be done.
It certainly does not have to be, but if you have a domain already it also certainly does not hurt.
-
@jaredbusch Because I have never needed the very thing supporting my infrastructure to be dependent on one of the vms inside of it. Also I'm not sure why you're saying this like it's a lot of work, it's literally no more or less work than creating a user account for management in AD and joining members to a domain. I wasn't arguing that it would hurt anything, it's just personal preference in all honesty, wasn't trying to be confrontational I just like having my management separated from the rest of the environment. I can imagine the headache that would come from a Host dropping Trust.
-
@r3dpand4 said in Managing Hyper-V:
@jaredbusch Because I have never needed the very thing supporting my infrastructure to be dependent on one of the vms inside of it. Also I'm not sure why you're saying this like it's a lot of work, it's literally no more or less work than creating a user account for management in AD and joining members to a domain. I wasn't arguing that it would hurt anything, it's just personal preference in all honesty, wasn't trying to be confrontational I just like having my management separated from the rest of the environment. I can imagine the headache that would come from a Host dropping Trust.
I thought this whole thread was about how much of a PITA non domain joined Hyper-V and control stations where to use? That would be the reason to join everything to a domain.
Have you some way that makes passing authentication from your non domain joined PC to the non domain joined Hyper-V work easily? Though many would probably argue that you having to maintain yet another PC that is soley for this use, it's pretty expensive.